• Overview
  • Overview
• User Interface
  • User Interface
    • Skinning SplunkWeb
  • Splunk toolbar for Firefox
  • Permalinks
    • Parameters
    • Unsupported Parameters
    • Examples
  • Configuring SplunkWeb
    • Skins
    • Localization
  • Scripting the Splunk search command
  • REST API
    • Messages
    • Authentication
    • Search
    • Enabling/disabling REST configuration options
    • Examples
  • SOAP API
    • How Splunk uses SOAP
    • Using the PCL to Make SOAP Requests
    • Additional PCL Search Examples
    • Creating SOAP Requests
    • SOAP Message Examples
    • SOAP error messages
• Data Inputs
  • Data Inputs
  • Input config
  • Scripted inputs
    • Configuration
    • Example
  • Understanding modules and processors
    • Default processors and pipelines
    • Pipeline data keys
    • Changing the default parsing and indexing sequence
    • Adding custom processors
  • Coding C/C++ processors
    • Writing Your Callback Function
    • Write Main
    • Add a Processor Config Stanza to Pipeline
  • Complete C Example
  • Complete C++ Example
  • Selecting events to process with a bundle
    • Create the Processor
    • Create the Module
    • Create the Bundle
    • Add an Additional Processor
• Data Outputs
  • Data Outputs
  • Customizing alert options
    • Email alerts
  • CLI for search
    • Actions
    • Default Argument
    • Parameters
    • Example
  • TCP Output
  • XML API for data output
• Management
  • Management
  • Authentication
    • Command Authentication
    • Parameters
    • Examples
    • Session Authentication
    • Examples
  • CLI for management
    • User Accounts
    • Controls
  • Configuring splunkd
    • Creating default logins on first startup
    • Changing the SSL configuration
  • XML API for management

Configuring splunkd

Creating default logins on first startup

Splunk can create specific administrative accounts on first startup through the user-seed.conf file. You can create a user-seed.conf file in any bundle, but it will only be used the first time you start Splunk and ignored thereafter.

Specify the usernames and passwords to create in this form:

[user_info]
USERNAME = staff
PASSWORD = passw0rd

If users are created via user-seed.conf, the usual default admin account will not be created, only the ones specified. Any accounts created this way will have the Admin role.

Note You should remove this file after first startup, as the passwords are saved in plaintext.

Changing the SSL configuration

The SSL configuration is controlled by the file server.conf. To change the default settings, create a new server.conf file in a configuration bundle. You should create a new bundle rather than using the README directory for easier maintenance later.

An SSL configuration stanza begins with [sslConfig] and can contain the following options:

enableSplunkdSSL = <true|false>

Enables/Disables SSL on the splunkd management port.

enableSplunkSearchSSL = <true|false>

Enables/Disables SSL on the frontend/GUI.

keyfile = <string>

Server certificate file. One of these will be generated by splunkd on startup, you may also replace it with your own cert, PEM format, file.

keyfilePassword = <string>

Server certificate password.

caCertFile = cacert.pem

Public key of the signing authority.

caPath = $$SPLUNK_HOME/etc/auth

path where all these certs are stored.

certCreateScript = genSignedServerCert.sh

Creation script for generating certs on startup of splunk.

For additional information, see server.conf.spec and server.conf.example in $SPLUNK_HOME/etc/bundles/README.

If you enable SSL for the GUI with enableSplunkSearchSSL = true, then you will not be able to access Splunk without specifying https in your browser. Splunkweb will continue to use the same port number, by default 8000.

To disable the web interface entirely, go to the Server > Settings tab in the GUI and select No for "Run Splunk's web interface?" You can also change the port numbers from this page. Save and restart Splunk for your settings to take effect.